ICS

SCADA System Vulnerabilities: Easy to find online?

SCADA system vulnerabilities are easy to discover thanks to the mass amount of media coverage and online resources, cyber security specialists have revealed. The announcement came at the IET Cyber Security for Industrial Control Systems seminar, where cyber security specialists discussed SCADA system vulnerabilities and the impact that it may have on the UK’s safety. Specialists at the conference noted that the amount of open-source information publicised on the Internet may contribute to a cyber-attack on the UK of catastrophic proportions in the years to come.

Specialist online publications, blogs, social networking websites and security whitepapers are freely available online and discuss current SCADA system vulnerabilities. By widely publicising some of the common security vulnerabilities online, researchers fear that the UK may be vulnerable to mass cyber-attack on our critical national infrastructure. What is more worrying are the wide ranging toolsets freely available to identify vulnerable SCADA systems connected to the Internet. Shogan, a tool that is available free of use, enables potential attackers to identify vulnerable systems connected to the Internet, making active reconnaissance a thing of the past for cyber criminals.

SCADA system vulnerabilities pose a serious threat to the UK’s critical national infrastructure

A wealth of further information is freely available on the vulnerabilities of these kinds of systems, as detailed in the report “Using Open Source Intelligence to Improve ICS & SCADA security” by engineering giants Atkins. The report provides further details of the types of information available to attacks – from common vulnerabilities through to potential attack paths. Some of these vary from technical attacks through to social engineering attempts.

The research provided by Atkins shows how a high level of sophistication of attacker is no longer a necessity for these types of systems, especially with SCADA system vulnerabilities so well publicised.

So, with common, well-publicised vulnerabilities available across the web, a wealth of open-source tools to assist attackers and a lack of understanding of how to secure ICS and SCADA systems appropriately, how does the future look for the UK’s critical national infrastructure? Well, this could be a sign of the times that the UK need’s to employ professionally trained consultants that are experts in ICS and SCADA systems to prevent this threat. As new vulnerabilities are published and new tools become available, companies must adapt and change their security posture appropriately.

See our section on ICS to provide further information, resources and links to assist with securing critical national infrastructure.